Topic: GMR-1, GMR-2 compromised. Does this mean anything for Bitcoin? (Read 2243 times)

legendary
Activity: 2282
Merit: 1050
Monero Core Team
Calling those systems cryptosystems is a stretch.  The fact that the researchers were able to attack it by extracting the cipher means it was operating under "security through obscurity".  Real cryptographic systems don't.

In building a cryptographic system you should not only expect but ASSUME the attacker will have EVERYTHING except the private key/data.  He has all public data, copies of other plaintext, copies of other cipher text, all initialization vectors, complete understanding of the algorithm and the system, whitepapers, all other cryptographic analysis and .... the system should STILL BE SECURE.

With SHA-256 there is nothing to "find".

Here is the representation of 1 round of the SHA-256 hash (64 rounds for final hash):


Here are the functions:





Here are the eight h values:
Code:
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19

Here are the 64 k values:
Code:
   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

There are no secrets.  Every part of the code is publicly available and has been vetted by cryptographers around the world.

So what does the failure of GMR mean?
"Security through obscurity is no security at all" is still alive and well.  One would think after 3 decades of near continual hacks, breaks, and attacks on weak systems (WEP, GSM, CSS, etc) involving "obscurity" that companies would learn but they likely never will.
I could not agree more. The cracked systems are in reality a form of DRM and not cryptography based on any sound mathematical principles. Bitcoin has nothing to fear from this any more than from the cracking of the latest DRM promoted by the MPAA or RIAA. Security by obscurity is digital snake oil; however, it is a multi-billion-dollar digital snake oil business, protected by legislation in many parts of the world. Its most popular application is of course DRM.
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
Crypto is notoriously hard to do right. Most privately developed systems are flawed. The best crypto systems are developed and reviewed publicly and refined until they're as good as possible. Bitcoin uses ECDSA, SHA256, and RIPEMD, and the specific implementation has been carefully reviewed as well.  These are all top-tier, thoroughly reviewed systems that are unlikely to have any of the amateur mistakes they made in GMR and A5/2.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Calling those systems cryptosystems is a stretch.  The fact that the researchers were able to attack it by extracting the cipher means it was operating under "security through obscurity".  Real cryptographic systems don't.

In building a cryptographic system you should not only expect but ASSUME the attacker will have EVERYTHING except the private key/data.  He has all public data, copies of other plaintext, copies of other cipher text, all initialization vectors, complete understanding of the algorithm and the system, whitepapers, all other cryptographic analysis and .... the system should STILL BE SECURE.

With SHA-256 there is nothing to "find".

Here is the representation of 1 round of the SHA-256 hash (64 rounds for final hash):


Here are the functions:





Here are the eight h values:
Code:
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19

Here are the 64 k values:
Code:
   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

There are no secrets.  Every part of the code is publicly available and has been vetted by cryptographers around the world.

So what does the failure of GMR mean?
"Security through obscurity is no security at all" is still alive and well.  One would think after 3 decades of near continual hacks, breaks, and attacks on weak systems (WEP, GSM, CSS, etc) involving "obscurity" that companies would learn but they likely never will.
hero member
Activity: 614
Merit: 500
It means nothing. The cryptosystems are unrelated.
full member
Activity: 154
Merit: 100
It means nothing. The cryptosystems are unrelated.

The part that caught my eye,

"The secret algorithms were analyzed by downloading publicly available firmware used by the phones, disassembling the code, and using some clever techniques to isolate the ciphers. The analysis techniques may prove valuable in exposing weaknesses in other encryption schemes as well."

legendary
Activity: 1526
Merit: 1134
It means nothing. The cryptosystems are unrelated.
full member
Activity: 154
Merit: 100
I'm not well learned concerning the ins and outs of cryptography, but I saw this article (http://arstechnica.com/business/news/2012/02/crypto-crack-makes-satellite-phones-vulnerable-to-eavesdropping.ars) and was wondering if anyone could shed any light on what this does/doesn't mean for the cryptography behind Bitcoin.